PDF static analysis report

Static analysis result for SHA-256 cf8e7996e99d92d2…

SUSPICIOUS

PDF

Size: 10.9 KB
Created: 2021-05-21 21:46:55 +07:00
Authoring application: wkhtmltopdf 0.12.6 (via Qt 4.8.7)
First seen: 2021-09-27
MD5: 4372240a630e38b64ebdf973dfa75c1f
SHA-1: fc38152d05c5c2729eeb60488d34783ebfb8be1e
SHA-256: cf8e7996e99d92d2dd520526927ffdc54b8966b4593dbeb66275cccf464f7900
Risk Score: 34

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains text and embedded URLs related to "Robux Generators" and "Coin Master" hacks, aiming to trick users into visiting malicious websites. The ML classifier strongly flagged this PDF as malicious, and the presence of external URIs further supports a malicious intent to redirect users to potentially harmful content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9398

Heuristics 2

  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • https://netcdn.xyz/app/431946152/get-free-robux-generator-game-hack (PDF link annotation)
    • https://learning.man3blitar.my.id/__statics/gudangsoal/files/how-to-hack-someones-roblox-account-2021_GM431946152.pdf (In PDF document text)
    • https://learning.man3blitar.my.id/__statics/gudangsoal/files/coin-master-free-spins-link-2021_GM406889139.pdf (In PDF document text)
    • https://learning.man3blitar.my.id/__statics/gudangsoal/files/coin-master-apk-hack-2021-ios_GM406889139.pdf (In PDF document text)
    • https://learning.man3blitar.my.id/__statics/gudangsoal/files/coin-master-jackpot-madness-hack_GM406889139.pdf (In PDF document text)
    • https://learning.man3blitar.my.id/__statics/gudangsoal/files/coin-master-free-spins_GM406889139.pdf (In PDF document text)